Static analysis is often performed on instruction code of computer-based software applications to identify issues such as logic errors and security vulnerabilities within an instruction code set. For example, one common type of static analysis, referred to as taint analysis, is used to identify references within a code set that refer to data that come from or are influenced by an external and/or untrusted source (e.g., a malicious user), and are therefore vulnerable to attack. Unfortunately, taint analysis techniques are not perfect and often provide false positive identifications of vulnerabilities that are not really vulnerabilities.